From b8cf387b68b28d0db78ebe8bb41fdd3307280be9 Mon Sep 17 00:00:00 2001 From: "Aaron S. Hawley" Date: Fri, 6 Apr 2018 15:10:22 -0400 Subject: [PATCH 1/2] Check secure feature processing enabled --- jvm/src/test/scala/scala/xml/XMLTest.scala | 48 ++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/jvm/src/test/scala/scala/xml/XMLTest.scala b/jvm/src/test/scala/scala/xml/XMLTest.scala index fac1c9362..aac0ce788 100644 --- a/jvm/src/test/scala/scala/xml/XMLTest.scala +++ b/jvm/src/test/scala/scala/xml/XMLTest.scala @@ -532,6 +532,54 @@ class XMLTestJVM { } } + /** Default SAXParserFactory */ + val defaultParserFactory = javax.xml.parsers.SAXParserFactory.newInstance + + @throws(classOf[org.xml.sax.SAXNotRecognizedException]) + def issue17UnrecognizedFeature: Unit = { + assertTrue(defaultParserFactory.getFeature("foobar")) + } + + @UnitTest + def issue17SecureProcessing: Unit = { + assertTrue(defaultParserFactory.getFeature("http://javax.xml.XMLConstants/feature/secure-processing")) + } + + @UnitTest + def issue17ExternalGeneralEntities: Unit = { + assertFalse(defaultParserFactory.getFeature("http://xml.org/sax/features/external-general-entities")) + } + + @UnitTest + def issue17LoadExternalDtd: Unit = { + assertFalse(defaultParserFactory.getFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd")) + } + + @UnitTest + def issue17DisallowDoctypeDecl: Unit = { + assertTrue(defaultParserFactory.getFeature("http://apache.org/xml/features/disallow-doctype-decl")) + } + + @UnitTest + def issue17ExternalParameterEntities: Unit = { + assertFalse(defaultParserFactory.getFeature("http://xml.org/sax/features/external-parameter-entities")) + } + + @UnitTest + def issue17ResolveDtdUris: Unit = { + assertFalse(defaultParserFactory.getFeature("http://xml.org/sax/features/resolve-dtd-uris")) + } + + @UnitTest + def issue17isXIncludeAware: Unit = { + assertFalse(XML.parser.isXIncludeAware) + } + + @UnitTest + def issue17isNamespaceAware: Unit = { + assertFalse(XML.parser.isNamespaceAware) + } + @UnitTest def issue28: Unit = { val x = From 47cde98722e8b4f43f5ecea101f5b29531aa9789 Mon Sep 17 00:00:00 2001 From: "Aaron S. Hawley" Date: Fri, 6 Apr 2018 16:02:34 -0400 Subject: [PATCH 2/2] Verify default parser features --- jvm/src/test/scala/scala/xml/XMLTest.scala | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/jvm/src/test/scala/scala/xml/XMLTest.scala b/jvm/src/test/scala/scala/xml/XMLTest.scala index aac0ce788..dfd06aef1 100644 --- a/jvm/src/test/scala/scala/xml/XMLTest.scala +++ b/jvm/src/test/scala/scala/xml/XMLTest.scala @@ -547,27 +547,27 @@ class XMLTestJVM { @UnitTest def issue17ExternalGeneralEntities: Unit = { - assertFalse(defaultParserFactory.getFeature("http://xml.org/sax/features/external-general-entities")) + assertTrue(defaultParserFactory.getFeature("http://xml.org/sax/features/external-general-entities")) } @UnitTest def issue17LoadExternalDtd: Unit = { - assertFalse(defaultParserFactory.getFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd")) + assertTrue(defaultParserFactory.getFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd")) } @UnitTest def issue17DisallowDoctypeDecl: Unit = { - assertTrue(defaultParserFactory.getFeature("http://apache.org/xml/features/disallow-doctype-decl")) + assertFalse(defaultParserFactory.getFeature("http://apache.org/xml/features/disallow-doctype-decl")) } @UnitTest def issue17ExternalParameterEntities: Unit = { - assertFalse(defaultParserFactory.getFeature("http://xml.org/sax/features/external-parameter-entities")) + assertTrue(defaultParserFactory.getFeature("http://xml.org/sax/features/external-parameter-entities")) } @UnitTest def issue17ResolveDtdUris: Unit = { - assertFalse(defaultParserFactory.getFeature("http://xml.org/sax/features/resolve-dtd-uris")) + assertTrue(defaultParserFactory.getFeature("http://xml.org/sax/features/resolve-dtd-uris")) } @UnitTest